TROJAN HORSE, MALWARE PROBS! Here's my activescan and HJT logs.


#1
lukeinzaghi

Hope someone can help me!
Cheers,
Luke

;**********************************************************************************************************
ANALYSIS: 2008-04-17 19:32:24
PROTECTIONS: 1
MALWARE: 41
SUSPECTS: 1
;**********************************************************************************************************
PROTECTIONS
Description Version Active Updated
;=======================================================================
AVG 7.5.524 7.5.524 Yes Yes
;=========================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=======================================================================
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install.1
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\lydgyrpx.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\ltzmapof.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\kyubpsti.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\mmzvjotx.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\noagpora.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\rjxagsok.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\kpnsmitt.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\2 noun.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\Dart five.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\defaultgrid.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\Dumb Drv.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\grim sect.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\NEWSETUP.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\program link.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\supportsign.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\transthe.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\basedashuploadprogram\Vga Team.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\bootryvr.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\daxarwdp.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\dkjgkwrh.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\dzltkxst.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\hxecrnyn.exe
00047746 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\m\Application Data\download play remote\jpgqghcv.exe
00048936 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\m\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-645f4c2c-75266df4.class
00063168 spyware/dluca Spyware No 1 Yes No hkey_current_user\software\sp2ctr
00063168 spyware/dluca Spyware No 1 Yes No hkey_current_user\software\program info
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.casalemedia.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@atdmt[1].txt
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.offeroptimizer.com/]
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.offeroptimizer.com/]
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.ccbill.com/]
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.belnk.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@com[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.xiti.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.toplist.cz/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@bs.serving-sys[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@advertising[1].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.adopt.hbmediapro.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@ads.pointroll[1].txt
00173905 Cookie/Xmts TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.xmts.net/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\m\Cookies\m@adrevolver[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\m\Application Data\Mozilla\Firefox\Profiles\wslxcb1a.default\cookies.txt[.go.com/]
00200583 adware/block-checker Adware No 1 Yes No c:\windows\system32\ustart.exe
00213191 dialer.dgi Dialers No 0 Yes No hkey_local_machine\software\mpb
00213191 dialer.dgi Dialers No 0 Yes No hkey_current_user\software\mpb
00217978 application/errorguard HackTools No 0 Yes No hkey_classes_root\clsid\{205ff73b-ca67-11d5-99dd-444553540006}
00217978 application/errorguard HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{205ff73b-ca67-11d5-99dd-444553540006}
00268735 Adware/Webdir Adware No 0 No No C:\Documents and Settings\m\Desktop\AVIMoviePlayer50.exe[IECodecPlg.dll]
00268735 Adware/Webdir Adware No 0 Yes No C:\WINDOWS\IECodecPlg.dll
00596566 Adware/ActiveSearch Adware No 0 No No C:\Program Files\Morpheus\morpheustoolbar.exe[morpheustoolbar.dll]
00895808 Generic Trojan Virus/Trojan No 0 Yes Yes C:\WINDOWS\Downloaded Program Files\Install.dll
01346783 Adware/VideoAccess Adware No 1 Yes No C:\Program Files\VideoAccessCodec\Uninstall.exe
01346783 Adware/VideoAccess Adware No 1 Yes No C:\QooBox\Quarantine\C\Program Files\VideoAccessCodec\Uninstall.exe.vir
01941633 Application/SpyBouncer HackTools No 0 No No C:\WINDOWS\Downloaded Installations\{33242EA1-7ED8-4C4F-A3CE-B9E8EC606EF1}\SpyBouncer.msi[unk_0084][delmod.dll]
01942368 Exploit/Gimsh.A HackTools No 0 Yes No C:\Documents and Settings\m\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-220fecef-3ac26b3a.zip[BaaaaBaa.class]
02183986 Trj/Banker.FWD Virus/Trojan No 1 No No C:\System Volume Information\_restore{237EC1CF-1EE2-466A-BD3B-9D742C615F47}\RP307\A0331259.exe[AviPlayer.exe]
02384441 Application/Morpheus Spyware No 0 Yes No C:\Program Files\Morpheus\morpheustoolbar.exe
02510759 Application/SpyBouncer HackTools No 0 No No C:\WINDOWS\Downloaded Installations\{33242EA1-7ED8-4C4F-A3CE-B9E8EC606EF1}\SpyBouncer.msi[unk_0084][delQueue.exe]
02899550 Application/SpywareSecure HackTools No 0 Yes No C:\Documents and Settings\m\Local Settings\Temp\4o6y1ihk.exe
02911205 Adware/AntiSpywareDeluxe Adware No 0 Yes No C:\System Volume Information\_restore{237EC1CF-1EE2-466A-BD3B-9D742C615F47}\RP307\A0331264.exe
;===============================================================================
SUSPECTS
Sent Location
;=========================================================
No C:\WINDOWS\SYSTEM32\YOBKSF.EXE ^
;=======================================================
VULNERABILITIES
Id Severity Description ^
;===================================================
184380 MEDIUM MS08-002 ^
184379 MEDIUM MS08-001 ^
182048 HIGH MS07-069 ^
182046 HIGH MS07-067 ^
182043 HIGH MS07-064 ^
179553 HIGH MS07-061 ^
176382 HIGH MS07-057 ^
176383 HIGH MS07-058 ^
170911 HIGH MS07-050 ^
170907 HIGH MS07-046 ^
170906 HIGH MS07-045 ^
170904 HIGH MS07-043 ^
164915 HIGH MS07-035 ^
164913 HIGH MS07-033 ^
164911 HIGH MS07-031 ^
160623 HIGH MS07-027 ^
157262 HIGH MS07-022 ^
157261 HIGH MS07-021 ^
157260 HIGH MS07-020 ^
157259 HIGH MS07-019 ^
156477 HIGH MS07-017 ^
150253 HIGH MS07-016 ^
150249 HIGH MS07-013 ^
150248 HIGH MS07-012 ^
150247 HIGH MS07-011 ^
150243 HIGH MS07-008 ^
150242 HIGH MS07-007 ^
150241 MEDIUM MS07-006 ^
141034 HIGH MS06-076 ^
141033 MEDIUM MS06-075 ^
141030 HIGH MS06-072 ^
137571 HIGH MS06-070 ^
137568 HIGH MS06-067 ^
133387 MEDIUM MS06-065 ^
133386 MEDIUM MS06-064 ^
133385 MEDIUM MS06-063 ^
133379 HIGH MS06-057 ^
131654 HIGH MS06-055 ^
129977 MEDIUM MS06-053 ^
129976 MEDIUM MS06-052 ^
126093 HIGH MS06-051 ^
126092 MEDIUM MS06-050 ^
126087 HIGH MS06-046 ^
126086 MEDIUM MS06-045 ^
126083 HIGH MS06-042 ^
126082 HIGH MS06-041 ^
126081 HIGH MS06-040 ^
123421 HIGH MS06-036 ^
123420 HIGH MS06-035 ^
120825 MEDIUM MS06-032 ^
120823 MEDIUM MS06-030 ^
120818 HIGH MS06-025 ^
120815 HIGH MS06-022 ^
120814 HIGH MS06-021 ^
117384 MEDIUM MS06-018 ^
114666 HIGH MS06-015 ^
114664 HIGH MS06-013 ^
108744 MEDIUM MS06-008 ^
108743 MEDIUM MS06-007 ^
108742 MEDIUM MS06-006 ^
104567 HIGH MS06-002 ^
104237 HIGH MS06-001 ^
96574 HIGH MS05-053 ^
93395 HIGH MS05-051 ^
93394 HIGH MS05-050 ^
93454 MEDIUM MS05-049 ^
;============================



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:13, on 17/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\DOCUME~1\m\LOCALS~1\Temp\update.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: load=C:\WINDOWS\system32\exfitnxcik\winlogon.exe
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1081FC63-E698-C755-D3A4-7344C3B8B186} - C:\DOCUME~1\m\APPLIC~1\GREYTR~1\face bend.exe (file missing)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\tbu11A\MORPHE~1.DLL (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_SA2.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P35 "EPSON Stylus DX3800 Series (Copy 1)" /O5 "LPT1:" /M "Stylus DX3800"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S451.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copy 1) (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S453.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S455.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Microsoft] sxe7E.tmp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProxyFirewall] D:\Program Files\ProxyFirewall\ProxyFirewall.exe
O4 - HKCU\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
O4 - HKCU\..\Run: [Update] "C:\DOCUME~1\m\LOCALS~1\Temp\update.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: winlogon.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\sy